Skip to main content

Privacy Policy

Last updated: March 2026

1. Introduction

Nolorem ("we", "our", or "us") is operated by Bonalogic. This Privacy Policy explains how we collect, use, share, and protect your personal data when you use our platform at nolorem.io.

We are committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is:

3. Data We Collect

We collect the following categories of personal data:

Account Information

Name, email address, and organization details provided during signup and account management.

Usage Data

Pages visited, features used, interaction patterns, and timestamps to improve our service and understand usage.

Content Data

Blog posts, social media content, research queries, outlines, and other materials you create or generate through the platform.

Payment Data

Billing information processed securely through Stripe, including your email and subscription details. We do not store credit card numbers on our servers.

Technical Data

IP address, browser type, device information, operating system, and referring URLs collected automatically when you access the platform.

4. How We Use Your Data

Your data is used for the following purposes:

  • Service delivery: Providing and maintaining the Nolorem platform, including content creation, scheduling, and publishing features.
  • Billing: Processing payments, managing subscriptions, and issuing invoices through Stripe.
  • Transactional emails: Sending account confirmations, billing receipts, publishing notifications, and trial expiration warnings via Resend.
  • AI content generation: Processing your prompts, topics, and outlines through AI providers (Anthropic, OpenAI) to generate blog posts and social media content.
  • Image generation: Processing image prompts through Fal.ai to create AI-generated images for your content.
  • Research: Using Perplexity and Tavily to gather research data for your content topics.
  • Analytics improvement: Analyzing anonymized usage patterns to improve features and user experience.

We process your personal data on the following legal bases under GDPR Article 6:

  • Contract performance (Art. 6(1)(b)): Processing necessary to deliver the services you subscribed to, including content generation, publishing, and account management.
  • Legitimate interests (Art. 6(1)(f)): Service improvement through anonymized analytics, fraud prevention, and platform security.
  • Consent (Art. 6(1)(a)): Non-essential cookies and any future marketing communications. You may withdraw consent at any time.

6. Data Sharing & Sub-processors

We share your data with third-party sub-processors only as necessary to deliver the Service. We do not sell your personal data. Our sub-processors include:

  • Supabase — Authentication and database
  • Stripe — Payment processing
  • Anthropic — AI text generation (primary)
  • OpenAI — AI text generation (fallback)
  • Fal.ai — AI image generation
  • Postiz — Social media scheduling
  • Apify — Content discovery scraping
  • DataForSEO — Keyword research
  • Perplexity — AI research (primary)
  • Tavily — AI research (fallback)
  • Resend — Transactional email

For full details on each sub-processor, including data categories and locations, see our Data Processing Agreement.

7. International Transfers

Some of our sub-processors are based in the United States. Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including EU Standard Contractual Clauses (SCCs) as approved by the European Commission.

8. Data Retention

We retain your personal data for as long as your account is active and necessary to provide the Service. Specifically:

  • Active accounts: Data is retained for the duration of your account.
  • Account deletion: Personal data is deleted within 30 days of account deletion request.
  • Anonymized analytics: Aggregated, anonymized data may be retained indefinitely for service improvement.
  • Legal obligations: Billing records may be retained as required by applicable tax and accounting laws.

9. Your Rights

Under GDPR and applicable privacy laws, you have the following rights regarding your personal data:

  • Right of access: Request a copy of the personal data we hold about you.
  • Right to rectification: Request correction of inaccurate or incomplete personal data.
  • Right to erasure: Request deletion of your personal data ("right to be forgotten").
  • Right to data portability: Request your data in a structured, commonly used, machine-readable format.
  • Right to restrict processing: Request that we limit how we use your data.
  • Right to object: Object to processing based on legitimate interests.
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent.
  • Right to lodge a complaint: File a complaint with your local data protection supervisory authority.

To exercise any of these rights, contact us at privacy@nolorem.io. We will respond within 30 days.

10. Cookies

We use essential cookies required for the platform to function, including authentication and session management. By default, we do not set non-essential tracking cookies.

If you have accepted non-essential cookies via our cookie consent banner, we may use analytics cookies to understand usage patterns. You can change your cookie preferences at any time using the "Cookie Preferences" link in the site footer.

11. Children

Nolorem is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child under 16, please contact us at privacy@nolorem.io and we will promptly delete it.

12. Changes

We may update this Privacy Policy from time to time. For material changes, we will notify you via email at the address associated with your account. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact

For privacy-related inquiries, data subject requests, or concerns about how we handle your personal data, contact us at: